Lucene search
K

60 matches found

CVE
CVE
added yesterday9 views

CVE-2026-58521

The CVE-2026-58521 entry concerns an SQL injection in the Wikimedia Foundation’s Mediawiki Cargo Extension. Affected versions are Cargo Extension before 1.43.9, 1.44.6, and 1.45.4. The issue arises from improper neutralization of special elements in SQL commands when using the year range filter, ...

6.9CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-41102

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-58519

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...

6.9CVSS0.00268EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.4AI score0.00158EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.9 views

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.1CVSS5.4AI score0.00158EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 9:32 p.m.2 views

EUVD-2026-19927

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00189EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/07 9:32 p.m.3 views

EUVD-2026-19929

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS5.9AI score0.00158EPSS
Exploits1References3
NVD
NVD
added 2026/04/07 8:16 p.m.2 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS0.00158EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 8:16 p.m.7 views

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.1CVSS0.00158EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 8:16 p.m.4 views

CVE-2026-39839

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS0.00181EPSS
Exploits1References3
CVE
CVE
added 2026/04/07 7:47 p.m.11 views

CVE-2026-39837

CVE-2026-39837 is a stored XSS vulnerability in the WikiWorks MediaWiki – Cargo Extension affecting versions before 3.8.7. The issue stems from the improper neutralization of Script-Related HTML tags in a web page, enabling stored cross-site scripting. The connected records do not provide explici...

6.3CVSS5.9AI score0.00189EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 7:47 p.m.2 views

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00189EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 7:47 p.m.15 views

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS0.00189EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:43 p.m.3 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00158EPSS
Exploits1References3
CVE
CVE
added 2026/04/07 7:43 p.m.12 views

CVE-2026-39841

The CVE-2026-39841 vulnerability is a Stored XSS in the MediaWiki Cargo Extension (pre-3.8.7) due to improper neutralization of Script-Related HTML tags in list fields on Cargo pages and Special:CargoTables. This affects how Cargo handles page values, allowing injected scripts to be stored and po...

6.3CVSS5.9AI score0.00158EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:35 p.m.2 views

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS5.9AI score0.00158EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/07 7:35 p.m.2 views

CVE-2026-39840 CSS injection in multiple Cargo display formats

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS5.9AI score0.00158EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 7:35 p.m.14 views

CVE-2026-39840

The CVE-2026-39840 issue affects Wikimedia Foundation MediaWiki’s Cargo Extension (before version 3.8.7). It is caused by improper neutralization of input during web page generation, enabling cross-site scripting (XSS) that targets non-script elements. Impact is user-side script execution with th...

6.1CVSS5.9AI score0.00158EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/07 7:29 p.m.9 views

CVE-2026-39839

CVE-2026-39839 affects Wikimedia Foundation MediaWiki Cargo Extension prior to 3.8.7. It is a Stored XSS vulnerability caused by improper neutralization of Script-Related HTML tags in a web page, exploitable via map format URLs stored by the extension. The impact is stored XSS with potential user...

6.3CVSS5.9AI score0.00181EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:29 p.m.2 views

CVE-2026-39839

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00181EPSS
Exploits1References4
Rows per page
Query Builder